CVE-2020-11075 Shell Escape in Anchore Engine
In Anchore Engine version 0.7.0, a specially crafted container image manifest, fetched from a registry, can be used to trigger a shell escape flaw in the anchore engine analyzer service during an image analysis process. The image analysis operation can only be executed by an authenticated user vi...
CVE-2020-11075
CVE-2020-11075 affects Anchore Engine 0.7.0. A specially crafted container image manifest fetched from a registry can trigger a shell escape in the anchore engine analyzer service during image analysis. Exploitation requires an authenticated API request or manipulation of a monitored image’s mani...
Arista restricted shell escape (with privesc)
This exploit module takes advantage of a poorly configured TACACS+ config, Arista's bash shell and a TACACS+ read-only account to escalate privileges. A CVSS v3 base score of 9.8 has been assigned. This module requires Metasploit: https://metasploit.com/download Current source:...
Huawei EulerOS: Security Advisory for texlive (EulerOS-SA-2019-1873)
The remote host is missing an update for the Huawei EulerOS...
lldptool: improper sanitization of shell-escape codes
lldptool can print a raw, unsanitized, attacker-controlled buffer when mngAddr information is displayed. This may allow an attacker to inject shell control characters into the buffer and impact the behavior of the terminal...
Low: lldpad security and bug fix update
The lldpad packages provide the Linux user space daemon and configuration tool for Intel's Link Layer Discovery Protocol (LLDP) Agent with Enhanced Ethernet support. Security Fixes: lldptool: improper sanitization of shell-escape codes (CVE-2018-10932). For more details about the security issues,...
lldpad security and bug fix update
An update is available for lldpad. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The lldpad packages provide the Linux user space daemon and configuration tool...
CVE-2019-14337
An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is an ability to escape to a shell in the restricted command line interface, as demonstrated by the /bin/sh -c wget sequence...
Input validation
An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is an ability to escape to a shell in the restricted command line interface, as demonstrated by the /bin/sh -c wget sequence...
CVE-2019-14337
CVE-2019-14337 affects D-Link 6600-AP and DWL-3600AP devices running firmware 4.2.0.14 (Ax). The issue enables escaping the restricted command-line interface to a shell, demonstrated by the /bin/sh -c wget sequence. Documented references include NVD (CVSS2/3.1), Red Hat and CNVD entries, and thir...
CVE-2019-1911
A vulnerability in the CLI of Cisco Unified Communications Domain Manager (Cisco Unified CDM) Software could allow an authenticated, local attacker to escape the restricted shell. The vulnerability is due to insufficient input validation of shell commands. An attacker could exploit this vulnerabili...
CVE-2019-1911 Cisco Unified Communications Domain Manager Restricted Shell Escape Vulnerability
A vulnerability in the CLI of Cisco Unified Communications Domain Manager (Cisco Unified CDM) Software could allow an authenticated, local attacker to escape the restricted shell. The vulnerability is due to insufficient input validation of shell commands. An attacker could exploit this vulnerabili...
Cisco Unified Communications Domain Manager Restricted Shell Escape Vulnerability
A vulnerability in the CLI of Cisco Unified Communications Domain Manager (Cisco Unified CDM) Software could allow an authenticated, local attacker to escape the restricted shell. The vulnerability is due to insufficient input validation of shell commands. An attacker could exploit this vulnerabili...
Sophos XG firewall API Configuration component shell escape vulnerability
Sophos XG firewall is a next-generation endpoint protection and enterprise-class firewall product from Sophos UK. API Configuration is one of the API configuration components. A security vulnerability exists in the /webconsole/APIController of the API Configuration component in Sophos XG firewall...
CVE-2018-16117
A shell escape vulnerability in /webconsole/Controller in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allows remote authenticated attackers to execute arbitrary OS commands via shell metacharacters in the "dbName" POST parameter...
CVE-2018-16118
A shell escape vulnerability in /webconsole/APIController in the API Configuration component of Sophos XG firewall 17.0.8 MR-8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the "X-Forwarded-for" HTTP header...